WordPress coding standards set

spacedmonkey · spacedmonkey · commit 02d47e566731 · 2019-07-18T11:04:59.000+01:00
diff --git a/.phpcs.xml.dist b/.phpcs.xml.dist
@@ -20,22 +20,8 @@
 	<!-- https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards -->
 	<!-- https://github.com/WordPress-Coding-Standards/WordPress-Coding-Standards/wiki/Customizable-sniff-properties -->
 	<config name="minimum_supported_wp_version" value="4.8"/>
-	<rule ref="WordPress" />
-	<rule ref="WordPress.NamingConventions.PrefixAllGlobals">
-		<properties>
-			<!-- Value: replace the function, class, and variable prefixes used. Separate multiple prefixes with a comma. -->
-			<property name="prefixes" type="array" value="oauth2"/>
-		</properties>
-	</rule>
-	<rule ref="WordPress.WP.I18n">
-		<properties>
-			<!-- Value: replace the text domain used. -->
-			<property name="text_domain" type="array" value="oauth2"/>
-		</properties>
-	</rule>
-	<rule ref="WordPress.WhiteSpace.ControlStructureSpacing">
-		<properties>
-			<property name="blank_line_check" value="true"/>
-		</properties>
+	<rule ref="WordPress">
+		<exclude name="Generic.Commenting" />
+		<exclude name="Squiz.Commenting" />
 	</rule>
 </ruleset>
diff --git a/inc/admin/class-listtable.php b/inc/admin/class-listtable.php
@@ -103,7 +103,7 @@ protected function column_name( $item ) {
 		];
 
 		$post_type_object = get_post_type_object( $item->post_type );
-		if ( current_user_can( $post_type_object->cap->publish_posts ) && $item->post_status !== 'publish' ) {
+		if ( current_user_can( $post_type_object->cap->publish_posts ) && 'publish' !== $item->post_status ) {
 			$publish_link = add_query_arg(
 				[
 					'page'   => 'rest-oauth2-apps',
diff --git a/inc/admin/namespace.php b/inc/admin/namespace.php
@@ -86,7 +86,6 @@ function load() {
 
 			return;
 	}
-
 }
 
 /**
@@ -342,7 +341,7 @@ function render_edit_page() {
 	$submenu_file = BASE_SLUG;
 	// phpcs:enable
 
-	include( ABSPATH . 'wp-admin/admin-header.php' );
+	include ABSPATH . 'wp-admin/admin-header.php';
 	?>
 
 	<div class="wrap">
diff --git a/inc/admin/profile/namespace.php b/inc/admin/profile/namespace.php
@@ -46,7 +46,7 @@ function ( Access_Token $token ) {
 	}
 
 	?>
-	<h2><?php _e( 'Authorized Applications', 'oauth2' ); ?></h2>
+	<h2><?php esc_html_e( 'Authorized Applications', 'oauth2' ); ?></h2>
 	<?php if ( ! empty( $tokens ) ) : ?>
 		<table class="widefat">
 			<thead>
@@ -156,7 +156,6 @@ function render_token_row( WP_User $user, Access_Token $token ) {
 	 */
 	$actions = apply_filters_deprecated( 'oauth2.admin.profile.render_token_row.actions', $actions, $token, $user ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
 
-
 	/**
 	 * Filter actions shown for an access token on the profile screen.
 	 *
@@ -192,7 +191,7 @@ function render_token_row( WP_User $user, Access_Token $token ) {
  */
 function output_profile_messages() {
 	global $pagenow;
-	if ( $pagenow !== 'profile.php' && $pagenow !== 'user-edit.php' ) {
+	if ( 'profile.php' !== $pagenow && 'user-edit.php' !== $pagenow ) {
 		return;
 	}
 
diff --git a/inc/admin/profile/personaltokens/namespace.php b/inc/admin/profile/personaltokens/namespace.php
@@ -152,7 +152,6 @@ class="regular-text"
  * Handle action from a form.
  */
 function handle_page_action( WP_User $user ) {
-
 	if ( ! isset( $_POST['oauth2_action'] ) ) {
 		return new WP_Error(
 			'rest_oauth2_invalid_action',
diff --git a/inc/authentication/namespace.php b/inc/authentication/namespace.php
@@ -84,7 +84,7 @@ function get_token_from_request() {
 		return null;
 	}
 
-	$token = $_GET['access_token']; // phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
+	$token = $_GET['access_token']; // phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.ValidatedSanitizedInput
 	if ( is_string( $token ) ) {
 		return $token;
 	}
diff --git a/inc/class-client.php b/inc/class-client.php
@@ -276,7 +276,7 @@ public function regenerate_secret() {
 	 * Issue token for a user.
 	 *
 	 * @param \WP_User $user
-	 * @param array $meta
+	 * @param array    $meta
 	 *
 	 * @return Access_Token
 	 */
diff --git a/inc/class-clientinterface.php b/inc/class-clientinterface.php
@@ -87,7 +87,7 @@ public function regenerate_secret();
 	 * Issue token for a user.
 	 *
 	 * @param \WP_User $user
-	 * @param array $meta
+	 * @param array    $meta
 	 *
 	 * @return Access_Token
 	 */
diff --git a/inc/class-personalclient.php b/inc/class-personalclient.php
@@ -149,7 +149,7 @@ public function regenerate_secret() {
 	 * Issue token for a user.
 	 *
 	 * @param \WP_User $user
-	 * @param array $meta
+	 * @param array    $meta
 	 *
 	 * @return Access_Token
 	 */
diff --git a/inc/endpoints/class-token.php b/inc/endpoints/class-token.php
@@ -52,7 +52,7 @@ public function register_routes() {
 	 * @return bool Whether or not the grant type is valid.
 	 */
 	public function validate_grant_type( $type ) {
-		return $type === 'authorization_code';
+		return 'authorization_code' === $type;
 	}
 
 	/**
diff --git a/inc/namespace.php b/inc/namespace.php
@@ -46,7 +46,6 @@ function rest_oauth2_load_authorize_page() {
  * @return Type[] Map of grant type to handler object.
  */
 function get_grant_types() {
-
 	$grant_types = apply_filters_deprecated( 'oauth2.grant_types', [] ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
 
 	/**
@@ -162,7 +161,7 @@ function get_token_url() {
  * @return ClientInterface Client instance.
  */
 function get_client( $id ) {
-	if ( $id === PersonalClient::ID ) {
+	if ( PersonalClient::ID === $id ) {
 		return PersonalClient::get_instance();
 	}
 
diff --git a/inc/tokens/class-access-token.php b/inc/tokens/class-access-token.php
@@ -49,7 +49,7 @@ public function get_creation_time() {
 	 * as a description for the token.
 	 *
 	 * @param string $key Meta key to fetch.
-	 * @param mixed $default Value to return if key is unavailable.
+	 * @param mixed  $default Value to return if key is unavailable.
 	 * @return mixed Value if available, or value of `$default` if not found.
 	 */
 	public function get_meta( $key, $default = null ) {
@@ -67,7 +67,7 @@ public function get_meta( $key, $default = null ) {
 	 * as a description for the token.
 	 *
 	 * @param string $key Meta key to set.
-	 * @param mixed $value Value to set on the key.
+	 * @param mixed  $value Value to set on the key.
 	 * @return bool True if meta was set, false otherwise.
 	 */
 	public function set_meta( $key, $value ) {
diff --git a/inc/tokens/class-authorization-code.php b/inc/tokens/class-authorization-code.php
@@ -183,7 +183,7 @@ public static function get_by_code( Client $client, $code ) {
 	/**
 	 * Creates a new authorization code instance for the given client and user.
 	 *
-	 * @param Client $client
+	 * @param Client  $client
 	 * @param WP_User $user
 	 *
 	 * @return Authorization_Code|WP_Error Authorization code instance, or error on failure.
diff --git a/inc/tokens/class-token.php b/inc/tokens/class-token.php
@@ -28,8 +28,8 @@ abstract class Token {
 	protected $value;
 
 	/**
-	 * @param string $key
-	 * @param mixed $value
+	 * @param WP_User $key
+	 * @param mixed  $value
 	 */
 	protected function __construct( WP_User $user, $key, $value ) {
 		$this->user  = $user;
diff --git a/inc/types/class-authorization-code.php b/inc/types/class-authorization-code.php
@@ -67,13 +67,13 @@ protected function handle_authorization_submission( $submit, Client $client, $da
 
 		$redirect_args = $this->filter_redirect_args(
 			$redirect_args,
-			$submit === 'authorize',
+			'authorize' === $submit,
 			$client,
 			$data
 		);
 
 		$generated_redirect = add_query_arg( urlencode_deep( $redirect_args ), $redirect_uri );
-		wp_redirect( $generated_redirect );
+		wp_safe_redirect( $generated_redirect );
 		exit;
 	}
 }
diff --git a/inc/types/class-base.php b/inc/types/class-base.php
@@ -17,7 +17,7 @@ abstract class Base implements Type {
 	 *
 	 * @param string $submit Value of the selected button.
 	 * @param Client $client Client being authorised.
-	 * @param array $data Data gathered for the request. {
+	 * @param array  $data Data gathered for the request. {
 	 *     @var string $redirect_uri Specified redirection URI.
 	 *     @var string $scope Requested scope.
 	 *     @var string $state State parameter from the client.
@@ -32,7 +32,6 @@ abstract protected function handle_authorization_submission( $submit, Client $cl
 	 * @return string|void|WP_Error|null
 	 */
 	public function handle_authorisation() {
-
 		if ( empty( $_GET['client_id'] ) ) {
 			return new WP_Error(
 				'oauth2.types.authorization_code.handle_authorisation.missing_client_id',
@@ -70,7 +69,7 @@ public function handle_authorisation() {
 		if ( ! is_user_logged_in() ) {
 			$redirect = '';
 			if ( isset( $_SERVER['REQUEST_URI'] ) ) {
-				$redirect = $_SERVER['REQUEST_URI']; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
+				$redirect = $_SERVER['REQUEST_URI']; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput
 			}
 			$url = wp_login_url( $redirect );
 			wp_safe_redirect( $url );
@@ -113,7 +112,7 @@ public function handle_authorisation() {
 	/**
 	 * Validate the supplied redirect URI.
 	 *
-	 * @param Client $client Client to validate against.
+	 * @param Client      $client Client to validate against.
 	 * @param string|null $redirect_uri Redirect URI, if supplied.
 	 * @return string|WP_Error Valid redirect URI on success, error otherwise.
 	 */
@@ -144,7 +143,7 @@ protected function validate_redirect_uri( Client $client, $redirect_uri = null )
 	/**
 	 * Render the authorisation form.
 	 *
-	 * @param Client $client Client being authorised.
+	 * @param Client   $client Client being authorised.
 	 * @param WP_Error $errors Errors to display, if any.
 	 */
 	protected function render_form( Client $client, WP_Error $errors = null ) {
@@ -169,10 +168,10 @@ protected function get_nonce_action( Client $client ) {
 	/**
 	 * Filter the redirection args.
 	 *
-	 * @param array $redirect_args Redirect args.
+	 * @param array   $redirect_args Redirect args.
 	 * @param boolean $authorized True if authorized, false otherwise.
-	 * @param Client $client Client being authorised.
-	 * @param array $data Data for the request.
+	 * @param Client  $client Client being authorised.
+	 * @param array   $data Data for the request.
 	 */
 	protected function filter_redirect_args( $redirect_args, $authorized, Client $client, $data ) {
 		if ( ! $authorized ) {
@@ -186,7 +185,6 @@ protected function filter_redirect_args( $redirect_args, $authorized, Client $cl
 			 */
 			$redirect_args = apply_filters_deprecated( 'oauth2.redirect_args.cancelled', $redirect_args, $client, $data ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores
 
-
 			/**
 			 * Filter the redirect args when the user has cancelled.
 			 *
diff --git a/inc/types/class-implicit.php b/inc/types/class-implicit.php
@@ -68,14 +68,14 @@ protected function handle_authorization_submission( $submit, Client $client, $da
 
 		$redirect_args = $this->filter_redirect_args(
 			$redirect_args,
-			$submit === 'authorize',
+			'authorize' === $submit,
 			$client,
 			$data
 		);
 
 		$fragment           = build_query( $redirect_args );
 		$generated_redirect = $redirect_uri . '#' . $fragment;
-		wp_redirect( $generated_redirect );
+		wp_safe_redirect( $generated_redirect );
 		exit;
 	}
 
diff --git a/plugin.php b/plugin.php
@@ -4,8 +4,8 @@
  *
  * @package     WordPress
  * @subpackage  JSON API
- * @author      WordPress Core Contributors (REST API Focus)
- * @copyright   2019 WordPress
+ * @author      Squiz Pty Ltd <products@squiz.net>
+ * @copyright   2019 Squiz Pty Ltd (ABN 77 084 670 600)
  * @license     GPL-2.0-or-later
  *
  * @oauth2
diff --git a/tests/bootstrap.php b/tests/bootstrap.php
@@ -12,7 +12,7 @@
 }
 
 if ( ! file_exists( $_tests_dir . '/includes/functions.php' ) ) {
-	echo "Could not find $_tests_dir/includes/functions.php, have you run bin/install-wp-tests.sh ?" . PHP_EOL; // WPCS: XSS ok.
+	echo "Could not find $_tests_dir/includes/functions.php, have you run bin/install-wp-tests.sh ?" . PHP_EOL; // phpcs:ignore WordPress.Security.EscapeOutput
 	exit( 1 );
 }
 
diff --git a/theme/oauth2-authorize.php b/theme/oauth2-authorize.php
@@ -15,7 +15,7 @@
 
 $_current_user = wp_get_current_user();
 
-$url = $_SERVER['REQUEST_URI']; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput.InputNotSanitized, WordPress.Security.ValidatedSanitizedInput.InputNotValidated
+$url = $_SERVER['REQUEST_URI']; // phpcs:ignore WordPress.Security.ValidatedSanitizedInput
 
 ?>
 
@@ -100,14 +100,14 @@
 	?>
 
 	<p class="submit">
-		<button type="submit" name="wp-submit" value="authorize" class="button button-primary button-large"><?php _e( 'Authorize', 'oauth2' ); ?></button>
-		<button type="submit" name="wp-submit" value="cancel" class="button button-large"><?php _e( 'Cancel', 'oauth2' ); ?></button>
+		<button type="submit" name="wp-submit" value="authorize" class="button button-primary button-large"><?php esc_html_e( 'Authorize', 'oauth2' ); ?></button>
+		<button type="submit" name="wp-submit" value="cancel" class="button button-large"><?php esc_html_e( 'Cancel', 'oauth2' ); ?></button>
 	</p>
 
 </form>
 
 <p id="nav">
-<a href="<?php echo esc_url( wp_login_url( $url, true ) ); ?>"><?php _e( 'Switch user', 'oauth2' ); ?></a>
+<a href="<?php echo esc_url( wp_login_url( $url, true ) ); ?>"><?php esc_html_e( 'Switch user', 'oauth2' ); ?></a>
 <?php
 if ( get_option( 'users_can_register' ) ) :
 	$registration_url = sprintf( '<a href="%s">%s</a>', esc_url( wp_registration_url() ), __( 'Register', 'oauth2' ) );

Original file line number	Diff line number	Diff line change
`@@ -103,7 +103,7 @@ protected function column_name( $item ) {`
`103`	`103`	`];`
`104`	`104`
`105`	`105`	`$post_type_object = get_post_type_object( $item->post_type );`
`106`		`- if ( current_user_can( $post_type_object->cap->publish_posts ) && $item->post_status !== 'publish' ) {`
	`106`	`+ if ( current_user_can( $post_type_object->cap->publish_posts ) && 'publish' !== $item->post_status ) {`
`107`	`107`	`$publish_link = add_query_arg(`
`108`	`108`	`[`
`109`	`109`	`'page' => 'rest-oauth2-apps',`
Original file line number	Diff line number	Diff line change
`@@ -86,7 +86,6 @@ function load() {`
`86`	`86`
`87`	`87`	`return;`
`88`	`88`	`}`
`89`		`-`
`90`	`89`	`}`
`91`	`90`
`92`	`91`	`/**`
`@@ -342,7 +341,7 @@ function render_edit_page() {`
`342`	`341`	`$submenu_file = BASE_SLUG;`
`343`	`342`	`// phpcs:enable`
`344`	`343`
`345`		`- include( ABSPATH . 'wp-admin/admin-header.php' );`
	`344`	`+ include ABSPATH . 'wp-admin/admin-header.php';`
`346`	`345`	`?>`
`347`	`346`
`348`	`347`	`<div class="wrap">`
Original file line number	Diff line number	Diff line change
`@@ -84,7 +84,7 @@ function get_token_from_request() {`
`84`	`84`	`return null;`
`85`	`85`	`}`
`86`	`86`
`87`		`- $token = $_GET['access_token']; // phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized`
	`87`	`+ $token = $_GET['access_token']; // phpcs:ignore WordPress.Security.NonceVerification.Recommended, WordPress.Security.ValidatedSanitizedInput`
`88`	`88`	`if ( is_string( $token ) ) {`
`89`	`89`	`return $token;`
`90`	`90`	`}`
Original file line number	Diff line number	Diff line change
`@@ -276,7 +276,7 @@ public function regenerate_secret() {`
`276`	`276`	`* Issue token for a user.`
`277`	`277`	`*`
`278`	`278`	`* @param \WP_User $user`
`279`		`- * @param array $meta`
	`279`	`+ * @param array $meta`
`280`	`280`	`*`
`281`	`281`	`* @return Access_Token`
`282`	`282`	`*/`
Original file line number	Diff line number	Diff line change
`@@ -87,7 +87,7 @@ public function regenerate_secret();`
`87`	`87`	`* Issue token for a user.`
`88`	`88`	`*`
`89`	`89`	`* @param \WP_User $user`
`90`		`- * @param array $meta`
	`90`	`+ * @param array $meta`
`91`	`91`	`*`
`92`	`92`	`* @return Access_Token`
`93`	`93`	`*/`
Original file line number	Diff line number	Diff line change
`@@ -149,7 +149,7 @@ public function regenerate_secret() {`
`149`	`149`	`* Issue token for a user.`
`150`	`150`	`*`
`151`	`151`	`* @param \WP_User $user`
`152`		`- * @param array $meta`
	`152`	`+ * @param array $meta`
`153`	`153`	`*`
`154`	`154`	`* @return Access_Token`
`155`	`155`	`*/`
Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,7 @@ public function register_routes() {`
`52`	`52`	`* @return bool Whether or not the grant type is valid.`
`53`	`53`	`*/`
`54`	`54`	`public function validate_grant_type( $type ) {`
`55`		`- return $type === 'authorization_code';`
	`55`	`+ return 'authorization_code' === $type;`
`56`	`56`	`}`
`57`	`57`
`58`	`58`	`/**`